Four Areas of Cyber Risk That Boards Need to Address

Harvard Business Review
June 15, 2023
Download PDF


Aligning cybersecurity to business needs, monitoring cybersecurity performance, adapting to new threats, and developing the cybersecurity workforce are four areas boards need to address. Learn more about the topics and what can be done to alleviate each risk.

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organizations, it makes them increasingly susceptible to cyber threats. Fortune 1000 companies, for example, have a 25% probability of being breached, and 10% of them will face multi-million loss. In smaller companies, 60% will be out of business within six months of a severe cyberattack. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance — and that investors need to know how vulnerable companies really are.

This need for transparency has been recognized by the regulators and facilitated by the new cyber security rules. Currently, the U.S. Security and Exchange Commission (SEC) has increased its enforcement to ensure companies maintain adequate cybersecurity controls and appropriately disclose cyber-related risks and incidents.

Unfortunately, our research shows that cyber risk is not easy to understand.

Read more here.

Harvard Business Review
Harvard Business Review

Harvard Business Publishing (HBP) was founded in 1994 as a not-for-profit, wholly-owned subsidiary of Harvard University, reporting into Harvard Business School. Our mission is to improve the practice of management in a changing world. This mission influences how we approach what we do here and what we believe is important.

Become a Member